A zero click surveillance exploit is scaring the security industry – very badly

zero click
Image by Skorzewiak | Bigstockphoto

A zero click exploit is, to a hacker, a thing of beauty. To a security professional it is truly terrifying.

The Google Project Zero team just unravelled one and labelled it the most sophisticated exploit they have ever seen and that the notorious NSO Group have created a “weapon against which there is no defence.”

The zero click exploit attacks iPhones, which is one of the reasons that Apple is suing NSO, an Israeli outfit that has the hacking capabilities of only a small handful of nation states.

As the description suggests, this exploit (which is used to spy on the iPhone user) is so dangerous because it is zero click, so does not need the user to click on something to trigger it. It uses iMessage as its attack vector and even has its own CPU. All attackers need to fire a surveillance bug into a phone is its number. After that, it is in place and recording whatever the attacker requires.

To the knowledge of the spies tracking it, the zero click exploit (code name FORCEDENTRY) has been used in several cases in the Middle East.

NSO is now on the US ‘entity list.’

The problem with this zero click exploit (apart from the fact that there is no defence against it) is that if the US and its allies refuse to use it, then their opponents will and will therefore immediately have the upper hand and be able to spy on, well, whoever they wish.

This is the latest in a depressing list of increasingly sophisticated attacks and is a long, long way from teenagers stealing credit card details and selling them on the web. Recently we reported on the fact that air-gapping is no longer a safe option for protecting sensitive data and Kamala Harris’ decision not to use Bluetooth enabled earphones was right. People actually criticised her for it.

It is scary and scaring the security industry badly. Whether and when they come up with a solution only time will tell but the cat is out of the bag and will be used by unscrupulous regimes (and probably scrupulous ones too) to gain an advantage over it foes, while relishing the ability to spy on its citizens ever more easily and pervasively.

As with all of this, and the increasing stress it is causing, the only real solution is to stop using technology altogether.

Related article:

Be the first to comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.